package zhan.realm;

import com.google.common.collect.Sets;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import zhan.dao.UserDao;
import zhan.entity.User;

import java.util.Set;

/**
 * 数据库中的得到的 数据源 此处返回的info 对象将和UsernamePasswordToken 中的做对比
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    UserDao userDao;

    @Override
    public String getName() {
        return "myRealm";
    }

    /** 授权*/
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //添加角色
        Set<String> roles = Sets.newHashSet();
        roles.add("admin");
        info.setRoles(roles);

        //添加权限
        Set<String> permissions  = Sets.newHashSet();
        permissions .add("/user/list");
        info.setRoles(permissions);
//        Object principal = principalCollection.getPrimaryPrincipal();
//        if ("admin".equals(principal)) {
//            info.addRole("admim");
//        }
//        if ("user".equals(principal)) {
//            info.addRole("list");
//        }
//        info.addRole("user");

        return info;
    }

    /** 认证*/
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        //获取当前用户
        String userName = (String) usernamePasswordToken.getPrincipal();
//        String username = ((UsernamePasswordToken) token).getUsername(); 其实和上面的是一样的
        //根据用给户名查询数据库，如果结果为空则，直接返回UnknownAccountException
        User user = userDao.selectUserByName(userName);
        if (user == null) {
//            throw new UnknownAccountException("没有找到用户");
            return null;
        }
        if (!user.getUserName().equals(usernamePasswordToken.getUsername())) {
//            throw new UnknownAccountException("用户名错误");
            return null;
        }

        String password = new String(usernamePasswordToken.getPassword());  //表单提交的密码
        String pwd = new String(    user.getUserPassword());                    //数据库中的密码
//        if (!pwd.equals(password)) {                                      //直接比对，不正确直接返回
//            throw new IncorrectCredentialsException("密码错误");
//        }

        ByteSource credentialsSalt  = ByteSource.Util.bytes(userName);

        // 将用户从表单内提交的用户名，密码交给SimpleAuthenticationInfo【Shiro】做认证
        //此处封装正确的用户名，密码【数据库中的】
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, pwd,credentialsSalt, getName());//交给shiro做对比
        return info;
    }

}
